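#
# IP Filter (ipf.conf) ruleset for a single-homed Solaris host on iprb0.
# Syntax is ipf(5), not INI: '#' starts a full-line comment, rules are
# evaluated top-down, "quick" stops evaluation at the first match, and
# "head N" / "group N" nest rules under the parent rule carrying that head.
#
# My IP address = 10.2.3.51/24
# DNS server    = 10.2.3.40, 10.2.3.42
#
# Review notes (what changed against the earlier stateless ruleset):
#   * Connections are tracked with "keep state".  Return traffic is admitted
#     by the state table instead of by a catch-all "pass in ... flags A/A"
#     rule, which let any TCP segment with ACK set, from any source, reach
#     any local port.
#   * DNS/NTP replies also come from state.  The former inbound
#     "from any port = 123" / "from <resolver> port = 53" rules admitted any
#     UDP datagram with that source port to every local UDP port.
#   * ICMP destination-unreachable is accepted inbound (Path-MTU discovery).
#   * Comment text now describes what the rules actually do.
#
# rules for test use (uncomment both to disable filtering while debugging)
#
#pass in quick all
#pass out quick all

#
# Log and drop malformed packets: IP options plus fragments, and TCP packets
# too short to carry a full header.
# NOTE(review): "with ipopts frag" lists two conditions in a single rule; if
# the intent is to log every fragment and every packet with options
# independently, split this into two rules.
#
block in log quick on iprb0 from any to any with ipopts frag
block in log quick on iprb0 proto tcp from any to any with short

#
# Anti-spoofing: nothing arriving on the wire may claim to be loopback or
# this host itself.
#
block in quick from 127.0.0.0/8 to any
block in quick from 10.2.3.51 to any

#
# Deny non-routable / bogon source addresses.
# 10.0.0.0/8 is deliberately NOT blocked: this host lives in 10.2.3.0/24.
#
#block in quick from 10.0.0.0/8 to any
block in quick from 172.16.0.0/12 to any
block in quick from 192.168.0.0/16 to any
block in quick from 0.0.0.0/8 to any
block in quick from 169.254.0.0/16 to any
block in quick from 192.0.2.0/24 to any
block in quick from 224.0.0.0/4 to any
block in quick from 240.0.0.0/4 to any

###############################################################################
#
# inbound packets group
#
pass in on iprb0 all head 100

#
# packets on loopback device (left disabled: Solaris ipf does not appear to
# filter lo0 unless loopback interception is explicitly enabled)
#
#pass in quick on lo0 all group 100

#
# ICMP: accept destination-unreachable (type 3) so Path-MTU discovery and
# failed UDP queries (DNS/NTP) are reported instead of silently timing out.
# Replies to our own pings are admitted by state on the outbound echo rule.
# Everything else, including unsolicited echo requests, is logged and dropped.
#
pass in quick on iprb0 proto icmp from any to 10.2.3.51 icmp-type unreach group 100
block in log quick on iprb0 proto icmp from any to any group 100

#
# Established connections are admitted by the state table.  There is
# intentionally no "pass in ... flags A/A" rule: it accepted any segment with
# ACK set whether or not a connection existed.
#

#
# Inbound services, from the local LAN only: FTP, SMTP, SSH, HTTP, Proxy and
# AnswerBook2.  Only a bare SYN may open a connection; state admits the rest.
# ident (113) is refused with a RST so remote MTAs do not wait for a timeout.
#
block return-rst in quick on iprb0 proto tcp from any to any port = 113 group 100
pass in quick on iprb0 proto tcp from 10.2.3.0/24 to 10.2.3.51 port = 21 flags S/SA keep state group 100
pass in quick on iprb0 proto tcp from 10.2.3.0/24 to 10.2.3.51 port = 22 flags S/SA keep state group 100
pass in quick on iprb0 proto tcp from 10.2.3.0/24 to 10.2.3.51 port = 25 flags S/SA keep state group 100
pass in quick on iprb0 proto tcp from 10.2.3.0/24 to 10.2.3.51 port = 80 flags S/SA keep state group 100
pass in quick on iprb0 proto tcp from 10.2.3.0/24 to 10.2.3.51 port = 8080 flags S/SA keep state group 100
pass in quick on iprb0 proto tcp from 10.2.3.0/24 to 10.2.3.51 port = 8888 flags S/SA keep state group 100

#
# Data connection of an outgoing active-mode ("PORT") FTP session: the remote
# server connects back from port 20 to an unprivileged port on this host.
# CAVEAT: any host can choose source port 20, so this rule exposes every
# local TCP listener above 1023 to the whole network.  Prefer passive-mode
# FTP, or the ipnat "proxy port ftp" helper, and then delete this rule.
#
pass in quick on iprb0 proto tcp from any port = 20 to 10.2.3.51 port > 1023 flags S/SA keep state group 100

#
# DNS and NTP replies are admitted by state created on the outbound query
# rules in group 200; no stateless source-port-53/123 rules are needed here.
#

#
# NetBIOS over TCP/IP on the local LAN: UDP 137/138 ("136 >< 139" is an
# exclusive range) name/datagram service, and TCP 139 session service.
# The UDP rules stay stateless because name service relies on broadcast.
#
pass in quick on iprb0 proto udp from 10.2.3.0/24 port 136 >< 139 to 10.2.3.0/24 port 136 >< 139 group 100
pass in quick on iprb0 proto tcp from 10.2.3.0/24 to 10.2.3.51 port = 139 flags S/SA keep state group 100

#
# cleanup rule: anything not matched above is logged and dropped
#
block in log quick all group 100

###############################################################################
#
# outbound packets group
#
pass out on iprb0 all head 200

#
# packets on loopback device (see the note in group 100)
#
#pass out quick on lo0 all group 200

#
# ICMP: only echo requests leave this host; the matching replies come back
# through state.  Everything else is logged and dropped.
#
pass out quick on iprb0 proto icmp from 10.2.3.51 to any icmp-type echo keep state group 200
block out log quick on iprb0 proto icmp from any to any group 200

#
# Outgoing TCP connections are allowed.  This also covers TCP DNS and the
# port-20 data connection an FTP server on this host opens towards PORT-mode
# clients.  State created here admits the return traffic in group 100.
#
pass out quick on iprb0 proto tcp from 10.2.3.51 to any flags S/SA keep state group 200

#
# Outgoing DNS queries, to the two configured resolvers only.
#
pass out quick on iprb0 proto udp from 10.2.3.51 to 10.2.3.40 port = 53 keep state group 200
pass out quick on iprb0 proto udp from 10.2.3.51 to 10.2.3.42 port = 53 keep state group 200

#
# Outgoing NTP queries.
#
pass out quick on iprb0 proto udp from 10.2.3.51 to any port = 123 keep state group 200

#
# NetBIOS over TCP/IP on the local LAN (UDP 137/138; TCP 139 is covered by
# the general outgoing TCP rule above).
#
pass out quick on iprb0 proto udp from 10.2.3.0/24 port 136 >< 139 to 10.2.3.0/24 port 136 >< 139 group 200

#
# cleanup rule: anything not matched above is logged and dropped
#
block out log quick all group 200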